In HOTP authentication, is there a way for a system to detect that the token has been desynchronized? If so how does it know that the OTP was generated from a desynchronized (but valid) token and is ...

We use MobilePASS at work but the latest version of the android client seems to be buggy so I wanted to have a go at implementing the algorithm myself.
You can download the client to play with here: ...

From RFC 4226 I understand how HOTP generates one-time passwords by incrementing a counter and uses the 'look-ahead' window to try to resynchronise (from this counter), if the user tries a few wrong ...